Storing passwords in the system increases our risk exposure even if the passwords are hashed. Can you consider SSO for admin and vendors. Admins can use SAML/OIDC based Identity providers. Vendors can stick to Google and Facebook or Apple etc. However, they should still be mandated to create their profile